From 09574a6104ce824c43fe8261d31451ccb337d11b Mon Sep 17 00:00:00 2001 From: Perry Kundert Date: Sat, 29 Oct 2011 14:47:53 +0200 Subject: Corrected discarding of remainder of message when request ID invalid When zmq::req_t::xrecv detects that a response has no request ID label, or the ID is the wrong size, it would return an EAGAIN, but would not discard the remainder of the message. This could allow the remainder of the message to incorrectly "leak" into a future response, if it is crafted to look like a reply with a valid response ID. Discard all remaining message blocks, if the ID is invalid in any way. --- src/req.cpp | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'src/req.cpp') diff --git a/src/req.cpp b/src/req.cpp index 04a19fb..0832f60 100644 --- a/src/req.cpp +++ b/src/req.cpp @@ -92,14 +92,20 @@ int zmq::req_t::xrecv (msg_t *msg_, int flags_) // TODO: This should also close the connection with the peer! if (unlikely (!(msg_->flags () & msg_t::label) || msg_->size () != 4)) { + while (true) { + int rc = xreq_t::xrecv (msg_, flags_); + errno_assert (rc == 0); + if (!(msg_->flags () & (msg_t::label | msg_t::more))) + break; + } + msg_->close (); + msg_->init (); errno = EAGAIN; return -1; } unsigned char *data = (unsigned char*) msg_->data (); if (unlikely (get_uint32 (data) != request_id)) { - - // The request ID does not match. Drop the entire message. while (true) { int rc = xreq_t::xrecv (msg_, flags_); errno_assert (rc == 0); -- cgit v1.2.3 From ac7717b7b35f441fc3aeeb1528e63f147c00913a Mon Sep 17 00:00:00 2001 From: Martin Sustrik Date: Mon, 31 Oct 2011 16:20:30 +0100 Subject: 250bpm copyrights added Signed-off-by: Martin Sustrik --- src/req.cpp | 1 + 1 file changed, 1 insertion(+) (limited to 'src/req.cpp') diff --git a/src/req.cpp b/src/req.cpp index 0832f60..9114daf 100644 --- a/src/req.cpp +++ b/src/req.cpp 
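Review bot: In the first commit's `@@ -92,14 +92,20 @@` hunk, the added drain loop in `zmq::req_t::xrecv` calls `xreq_t::xrecv` before looking at the flags of the part it has just rejected, so a malformed single-part reply (neither `label` nor `more` set) makes the loop read into the next message. If nothing further is queued and `xreq_t::xrecv` returns non-zero (its body is not shown here), `errno_assert (rc == 0)` would abort the process on peer-controlled input. Testing the current part first keeps the discard inside one message: `while (msg_->flags () & (msg_t::label | msg_t::more)) { int rc = xreq_t::xrecv (msg_, flags_); errno_assert (rc == 0); }`. The `@@ -92,25 +90,11 @@` hunk of the later "LABELS and COMMANDs removed" commit keeps the same loop shape with `msg_t::more` only, so the same applies there; the function body starts and ends outside both hunks.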
@@ -1,4 +1,5 @@ /* + Copyright (c) 2009-2011 250bpm s.r.o. Copyright (c) 2007-2011 iMatix Corporation Copyright (c) 2007-2011 Other contributors as noted in the AUTHORS file -- cgit v1.2.3 From 7842c7107358324e8c5b9af7272e6dcab8c97931 Mon Sep 17 00:00:00 2001 From: Martin Sustrik Date: Tue, 1 Nov 2011 13:39:54 +0100 Subject: LABELS and COMMANDs removed Signed-off-by: Martin Sustrik --- src/req.cpp | 46 +++++++++++++++------------------------------- 1 file changed, 15 insertions(+), 31 deletions(-) (limited to 'src/req.cpp') diff --git a/src/req.cpp b/src/req.cpp index 9114daf..9694d2d 100644 --- a/src/req.cpp +++ b/src/req.cpp @@ -1,6 +1,7 @@ /* Copyright (c) 2009-2011 250bpm s.r.o. Copyright (c) 2007-2011 iMatix Corporation + Copyright (c) 2011 VMware, Inc. Copyright (c) 2007-2011 Other contributors as noted in the AUTHORS file This file is part of 0MQ. @@ -29,8 +30,7 @@ zmq::req_t::req_t (class ctx_t *parent_, uint32_t tid_) : xreq_t (parent_, tid_), receiving_reply (false), - message_begins (true), - request_id (generate_random ()) + message_begins (true) { options.type = ZMQ_REQ; } @@ -50,19 +50,17 @@ int zmq::req_t::xsend (msg_t *msg_, int flags_) // First part of the request is the request identity. if (message_begins) { - msg_t prefix; - int rc = prefix.init_size (4); + msg_t bottom; + int rc = bottom.init (); errno_assert (rc == 0); - prefix.set_flags (msg_t::label); - unsigned char *data = (unsigned char*) prefix.data (); - put_uint32 (data, request_id); - rc = xreq_t::xsend (&prefix, flags_); + bottom.set_flags (msg_t::more); + rc = xreq_t::xsend (&bottom, 0); if (rc != 0) - return rc; + return -1; message_begins = false; } - bool more = msg_->flags () & (msg_t::more | msg_t::label) ? true : false; + bool more = msg_->flags () & msg_t::more ? true : false; int rc = xreq_t::xsend (msg_, flags_); if (rc != 0) 
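Review bot: In the `@@ -50,19 +50,17 @@` hunk of "LABELS and COMMANDs removed", the context comment `// First part of the request is the request identity.` no longer matches the code under it, which now sends an empty `bottom` part flagged `msg_t::more` instead of a 4-byte request ID. I would reword it to `// First part of the request is an empty delimiter ("bottom") part.`, since `xrecv` and `req_session_t::write` validate exactly that shape and a reader should be able to see where it originates. The delimiter is also sent with `0` rather than `flags_`, and the failure path now returns `-1` instead of `rc`; a one-line comment giving the reason for each would help, as neither is explained in the visible lines. `xsend` continues outside the hunk.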
@@ -92,25 +90,11 @@ int zmq::req_t::xrecv (msg_t *msg_, int flags_) return rc; // TODO: This should also close the connection with the peer! - if (unlikely (!(msg_->flags () & msg_t::label) || msg_->size () != 4)) { + if (unlikely (!(msg_->flags () & msg_t::more) || msg_->size () != 0)) { while (true) { int rc = xreq_t::xrecv (msg_, flags_); errno_assert (rc == 0); - if (!(msg_->flags () & (msg_t::label | msg_t::more))) - break; - } - msg_->close (); - msg_->init (); - errno = EAGAIN; - return -1; - } - - unsigned char *data = (unsigned char*) msg_->data (); - if (unlikely (get_uint32 (data) != request_id)) { - while (true) { - int rc = xreq_t::xrecv (msg_, flags_); - errno_assert (rc == 0); - if (!(msg_->flags () & (msg_t::label | msg_t::more))) + if (!(msg_->flags () & msg_t::more)) break; } msg_->close (); @@ -118,6 +102,7 @@ int zmq::req_t::xrecv (msg_t *msg_, int flags_) errno = EAGAIN; return -1; } + message_begins = false; } @@ -126,8 +111,7 @@ int zmq::req_t::xrecv (msg_t *msg_, int flags_) return rc; // If the reply is fully received, flip the FSM into request-sending state. - if (!(msg_->flags () & (msg_t::more | msg_t::label))) { - request_id++; + if (!(msg_->flags () & msg_t::more)) { receiving_reply = false; message_begins = true; } @@ -167,8 +151,8 @@ zmq::req_session_t::~req_session_t () int zmq::req_session_t::write (msg_t *msg_) { - if (state == request_id) { - if (msg_->flags () == msg_t::label && msg_->size () == 4) { + if (state == bottom) { + if (msg_->flags () == msg_t::more && msg_->size () == 0) { state = body; return xreq_session_t::write (msg_); } @@ -177,7 +161,7 @@ int zmq::req_session_t::write (msg_t *msg_) if (msg_->flags () == msg_t::more) return xreq_session_t::write (msg_); if (msg_->flags () == 0) { - state = request_id; + state = bottom; return xreq_session_t::write (msg_); } } -- cgit v1.2.3 From 8e21d64c974344b5b2b83cac85d12c51392fe74b Mon Sep 17 00:00:00 2001 
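Review bot: In the `@@ -92,25 +90,11 @@` hunk, removing the `get_uint32 (data) != request_id` branch leaves `zmq::req_t::xrecv` with a framing check only (first part empty and flagged `msg_t::more`), so nothing visible here ties a reply to the request that is outstanding. A late reply to an earlier request, or any peer message that starts with an empty part, would be delivered as the answer to the current request unless a layer outside this diff prevents it. If that is the intended trade-off, it should be stated next to the check, for example `// Replies are no longer matched against a request ID; only the empty delimiter part is validated.` The existing `// TODO: This should also close the connection with the peer!` above the check still applies to the one branch that remains.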
From: Martin Sustrik Date: Tue, 1 Nov 2011 18:06:11 +0100 Subject: Copyright dates adjusted to reflect reality Signed-off-by: Martin Sustrik --- src/req.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/req.cpp') diff --git a/src/req.cpp b/src/req.cpp index 9694d2d..40c4765 100644 --- a/src/req.cpp +++ b/src/req.cpp @@ -1,6 +1,6 @@ /* Copyright (c) 2009-2011 250bpm s.r.o. - Copyright (c) 2007-2011 iMatix Corporation + Copyright (c) 2007-2009 iMatix Corporation Copyright (c) 2011 VMware, Inc. Copyright (c) 2007-2011 Other contributors as noted in the AUTHORS file -- cgit v1.2.3 From a4843b65d24f9caa188bb2454b28080f0cee8484 Mon Sep 17 00:00:00 2001 From: Martin Sustrik Date: Fri, 4 Nov 2011 08:00:47 +0100 Subject: Identities re-introduced However, the "durable socket" behaviour wasn't re-added. Identities are used solely for routing in REQ/REP pattern. Signed-off-by: Martin Sustrik --- src/req.cpp | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) (limited to 'src/req.cpp') diff --git a/src/req.cpp b/src/req.cpp index 40c4765..3ba1ec0 100644 --- a/src/req.cpp +++ b/src/req.cpp @@ -147,23 +147,32 @@ zmq::req_session_t::req_session_t (io_thread_t *io_thread_, bool connect_, zmq::req_session_t::~req_session_t () { + state = options.recv_identity ? identity : bottom; } int zmq::req_session_t::write (msg_t *msg_) { - if (state == bottom) { + switch (state) { + case bottom: if (msg_->flags () == msg_t::more && msg_->size () == 0) { state = body; return xreq_session_t::write (msg_); } - } - else { + break; + case body: if (msg_->flags () == msg_t::more) return xreq_session_t::write (msg_); if (msg_->flags () == 0) { state = bottom; return xreq_session_t::write (msg_); } + break; + case identity: + if (msg_->flags () == 0) { + state = bottom; + return xreq_session_t::write (msg_); + } + break; } errno = EFAULT; return -1; -- cgit v1.2.3
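Review bot: The added `state = options.recv_identity ? identity : bottom;` sits in the body of `zmq::req_session_t::~req_session_t ()`, where the assignment cannot influence any later `write` call. The new `case identity:` in `req_session_t::write` is only reachable if `state` starts out as `identity`, and the constructor's initializer list is outside this hunk, so it is not visible whether that is done there. If it is not, the initial value belongs in the constructor as `state (options.recv_identity ? identity : bottom)` and the destructor line can go; a session that starts in `bottom` with `recv_identity` set would answer the peer's first identity part (flags `0`) with `EFAULT`. A `default:` label, or a comment noting that every `break` ends in `errno = EFAULT`, would also make the rejection of unexpected parts explicit.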